CVE-2025-22952: Memos Server-Side Request Forgery (SSRF)
(updated )
elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.
References
- elest.io/open-source/memos
- github.com/advisories/GHSA-wfxg-v3j4-7qmj
- github.com/usememos/memos
- github.com/usememos/memos/commit/f17774cb3b9612495d89576a91ab3480018cb0b6
- github.com/usememos/memos/commit/f8c973c938742827baaf6665cfe66805dc8e8d02
- github.com/usememos/memos/issues/4413
- github.com/usememos/memos/pull/4421
- github.com/usememos/memos/pull/4428
- nvd.nist.gov/vuln/detail/CVE-2025-22952
Detect and mitigate CVE-2025-22952 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →